Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-27936 — Discourse discloses restricted post-action counts to non-privileged users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileg…

discourse | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.9 MEDIUM
CVE-2026-27935 — Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin use…

discourse | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.7 HIGH
CVE-2026-27934 — Discourse leaks private topic title and post excerpt via user action API endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosur…

discourse | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
9.1 CRITICAL
CVE-2026-4428 — CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificat…

Remote | Authentication
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
1.3 LOW
CVE-2026-4395 — Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buff…

wolfssl | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.9 MEDIUM
CVE-2026-3849 — Buffer Overflow in HPKE via Oversized ECH Config

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could ca…

wolfssl | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.3 HIGH
CVE-2026-3549 — ECH parsing heap buffer overflow

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer.…

Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
7.5 HIGH
CVE-2026-3547 — wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A…

wolfssl | Remote | Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
1.2 LOW
CVE-2026-3230 — Improper key_share validation in TLS 1.3 HelloRetryRequest

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted …

wolfssl | Remote | Cryptography
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
1.2 LOW
CVE-2026-3229 — Integer Overflow in Certificate Chain Allocation

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certifica…

| Memory Corruption
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.7 HIGH
CVE-2026-33346 — OpenEMR has stored XSS in portal_payment.php via Unescaped table_args

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal paym…

openemr | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
7.6 HIGH
CVE-2026-33321 — OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patie…

openemr | Remote | Server-Side Request Forgery
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.4 MEDIUM
CVE-2026-33305 — OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) a…

openemr | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.5 MEDIUM
CVE-2026-33304 — OpenEMR has Authorization Bypass in Dated Reminders Log

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated …

openemr | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
5.4 MEDIUM
CVE-2026-33303 — OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print …

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `p…

openemr | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.1 HIGH
CVE-2026-33302 — OpenEMR: zhAclCheck Ignores Explicit ACL Denies

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence…

openemr | Remote | Authorization
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.1 HIGH
CVE-2026-33301 — OpenEMR has arbitrary image file read via PDF generator

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in pati…

openemr | Remote | Information Disclosure
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
8.5 HIGH
CVE-2026-33299 — OpenEMR has Stored XSS in patient encounter Eye Exam form answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill **Eye Exam** forms in p…

openemr | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
7.6 HIGH
CVE-2026-32749 — SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file…

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart …

siyuan | Remote | Path Traversal
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
6.8 MEDIUM
CVE-2026-32747 — SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and D…

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs() with no workspace boundary check, relying solely on util…

siyuan | Remote | Path Traversal
Mar 19, 2026 Mar 20, 2026
Mar 19, 2026
Mar 20, 2026
Showing 20 of 5707 Results